GHSA-7pqv-wj3v-fcq3HighCVSS 8.8

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing...

Published
July 12, 2026
Last Modified
July 12, 2026

🔗 CVE IDs covered (1)

📋 Description

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process, triggering command execution when SMB protocol messages are processed.

🔗 References (4)